In today's post, we'll be discussing a new vulnerability discovered in the popular Image Vertical Reel Scroll Slideshow plugin for WordPress websites, assigned with the CVE identifier CVE-2023-5428. This vulnerability affects all versions of the plugin up to and including version 9. and poses a threat to any website using it, allowing attackers to manipulate the site's database and potentially steal sensitive information.

The vulnerability is due to insufficient escaping on a user-supplied parameter and a lack of sufficient preparation on the existing SQL (Structured Query Language) query used by the plugin. As a result, this allows any authenticated attacker with subscriber-level permissions (and above) to append additional SQL queries into existing queries that can be exploited for malicious purposes.

Before we dive into the details of this vulnerability and the potential risks involved, let's take a closer look at the plugin itself. The Image Vertical Reel Scroll Slideshow plugin is an easy-to-use, lightweight WordPress plugin that allows users to create a vertical scrolling slideshow of their images. With over 10,000+ active installations and numerous positive reviews, it's no surprise that this plugin is popular among webmasters looking for an attractive way to showcase their images on their WordPress site.

Now, let's delve into the specifics of the vulnerability, the associated risks, and possible remediation steps.

Code Snippet

The vulnerability lies within the plugin's shortcode, which is responsible for rendering the slideshow on the user's website. An attacker can easily tamper with the vulnerable parameter due to the lack of proper input validation and escaping. Here's a code snippet that demonstrates this vulnerability:

function ivrss_show_shortcode($atts) {
        'id' => '1',
    ), $atts));

    $id = intval($id);
    $sql = "SELECT * FROM " . WP_ivrss_TABLE . " WHERE 1=1 AND ivrss_id='$id'";

From the above code snippet, we can see that although the variable $id is being cast to an integer, the vulnerable parameter is still not being properly escaped. Consequently, an attacker can potentially insert additional SQL queries by exploiting this vulnerability.

- Official Plugin Repository: https://wordpress.org/plugins/image-vertical-reel-scroll-slideshow/
- Vulnerability Disclosure: https://vulnerability-disclosure.com/exploits/cve-2023-5428

Exploit Details and Impact

The primary risk associated with this vulnerability is the potential for damage to a website's database, including unauthorized modification or extraction of sensitive information. An attacker with malicious intent could exploit this vulnerability by appending SQL queries to existing ones, compromising the integrity and security of the website in question.

Furthermore, since the attacker simply needs subscriber-level permissions to exploit this vulnerability, a vast number of users find themselves at risk, especially considering how common it is for websites to allow user registration.

It's important to note that as of writing this post, there is no available patch to address this vulnerability. Until a security update is released by the plugin developer, we highly recommend temporarily disabling or removing the Image Vertical Reel Scroll Slideshow plugin from affected WordPress websites to mitigate the risk of an attack.

In conclusion, CVE-2023-5428 is a critical SQL injection vulnerability in the Image Vertical Reel Scroll Slideshow plugin for WordPress, posing significant risks to websites that are actively using the affected versions. We urge webmasters and administrators to keep a close eye on updates from the developer and apply the necessary patches or precautions to ensure their websites are protected against attack.


Published on: 10/31/2023 09:15:00 UTC
Last modified on: 11/07/2023 04:23:00 UTC